<?php

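	// Manage the list of users who may view one private photo.
	//
	// Relies on variables set by the including script: $id (photo owner),
	// $lang (language key for GetLangString) and $SITE_MIDDLE (page body buffer).
	//
	// NOTE(review): $id is not assigned in this file. Confirm it comes from the
	// authenticated session and never from request input, because the ownership
	// check below depends on it.
	// NOTE(review): escapestr() is defined elsewhere; it is presumably an SQL
	// string escaper. It does not make a value safe for HTML, so every value
	// written into markup below is HTML-escaped separately.
	// NOTE(review): htmlspecialchars() is called with PHP's default charset;
	// assumes stored text uses that encoding - TODO confirm, otherwise pass the
	// charset explicitly.

	// isset() guard avoids an undefined-index notice when no id is supplied.
	$imgid   = escapestr(isset($_REQUEST['id']) ? $_REQUEST['id'] : '');

	// The photo id is echoed into URLs inside HTML attributes: URL-encode it for
	// the query string, then HTML-escape it for the attribute context.
	$imgid_html = htmlspecialchars(urlencode($imgid), ENT_QUOTES);

	// Ownership check: only a photo owned by $id can be managed here.
	$query   = "select * from photos where `owner`='$id' and `id`='$imgid'" ;
	$result  = mysql_query($query);

	if ($result && ($imgdata = mysql_fetch_array($result))) {

		// The title is user-supplied text stored in the database; escape it for
		// the alt attribute.
		$photo    = "<center><img border=\"0\" src=\"index.php?do=getphoto&square=1&size=400&id=$imgid_html\" alt=\"" .
					htmlspecialchars($imgdata['title'], ENT_QUOTES) . "\"></center>";

		// NOTE(review): add/delete change state but are read from $_REQUEST, so
		// a GET request can trigger them, and no anti-CSRF token is checked.
		// The forms below already use POST; consider reading $_POST only and
		// verifying a per-session token.
		if (!empty($_REQUEST['add'])) {
			$userid = escapestr($_REQUEST['add']);

			// Skip the insert when this user already has access to the photo.
			$query = "SELECT * from privatephotos where `photo`='$imgid' and `user`='$userid'";
			$result = mysql_query ( $query ) ;
			if ($result && mysql_num_rows($result)) {
				$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_privatephoto"),GetLangString($lang,"msg_alreadyprivateuser"));
			} else {
				$query = "INSERT into privatephotos (`photo`,`user`) values ('$imgid','$userid')";
				$result = mysql_query ( $query ) ;
				if ($result) {
					$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_privatephoto"),GetLangString($lang,"msg_privateuseradded"));
				} else {
					$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
				}
			}
		} elseif (!empty($_REQUEST['delete'])) {
			$userid = escapestr($_REQUEST['delete']);
			$query = "DELETE from privatephotos where `photo`='$imgid' and `user`='$userid'";
			$result = mysql_query ( $query ) ;
			if ($result) {
				$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_privatephoto"),GetLangString($lang,"msg_privateuserremoved"));
			} else {
				$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
			}
		}

		// "Add" form: a dropdown of every user. Names are user-controlled, so
		// they are escaped, and attribute values are quoted so a value with
		// spaces or markup cannot break out of the attribute.
		$add = "<form action=\"index.php?do=privatephoto&id=$imgid_html\" method=\"post\"><select name=\"add\" size=\"1\">";
		$query 	= "Select * from users"	;
		$result =	mysql_query($query);
		while ($result && ($profile = mysql_fetch_array($result))) {
			$add .= "<option value=\"" . htmlspecialchars($profile['id'], ENT_QUOTES) . "\">" .
					htmlspecialchars($profile['name'], ENT_QUOTES) . "</option>";
		}
		// Language strings are site-provided; the attribute is quoted so that
		// multi-word labels are not truncated.
		$add .= "</select><input value=\"" . GetLangString ( $lang , "txt_add") . "\" type=\"submit\"></form>";

		// "Delete" form: a dropdown of the users who currently have access.
		$delete = "<form action=\"index.php?do=privatephoto&id=$imgid_html\" method=\"post\"><select name=\"delete\" size=\"1\">";
		$query 	= "Select * from `privatephotos` where `photo`='$imgid'"	;
		$result =	mysql_query($query);
		while ($result && ($profile = mysql_fetch_array($result))) {
			$delete .= "<option value=\"" . htmlspecialchars($profile['user'], ENT_QUOTES) . "\">";

			// The stored user value goes back into SQL, so it is escaped again:
			// data read from the database is not automatically safe to
			// interpolate into a new query.
			$query2  = "select `name` from `users` where `id`='" . escapestr($profile['user']) . "'";
			$result2 = mysql_query($query2);

			// A listed user may no longer exist; fall back to an empty label
			// instead of calling mysql_result() on an empty result set.
			$deletename = ($result2 && mysql_num_rows($result2)) ? mysql_result($result2, 0) : '';
			$delete .= htmlspecialchars($deletename, ENT_QUOTES) . "</option>";
		}
		$delete .= "</select><input value=\"" . GetLangString ( $lang , "txt_delete") . "\" type=\"submit\"></form>";

		// Lay the two forms out side by side under the photo preview.
		$text = "<center><table border=\"0\" width=\"75%\"><tr><td width=\"50%\"> ".
						FormatElement( GetLangString ( $lang , "txt_add"), $add)  . "</td><td>" .
						FormatElement( GetLangString ( $lang , "txt_delete"), $delete) . "</td></tr></table></center>";

		$SITE_MIDDLE .= FormatElement(GetLangString($lang, "txt_manageprivatephoto") , $photo . $text);

	} else {
		// No such photo, or it is not owned by $id.
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_err"),GetLangString($lang,"msg_photonotfound"));
	}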



?>
